<?php
/* 
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
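    include_once '../connection/databaseHandler.php';
    include_once '../connection/sessionHandler.php';
    $database = new DatabaseHandler();
    $session = new SessionHandler();

/**
 * Returns a POST field as a string, or '' when it was not submitted.
 *
 * Avoids undefined-index notices; such notices are output before the
 * redirect header below and would cause "headers already sent".
 *
 * @param string $key  index into $_POST
 * @return string
 */
function postField($key)
{
    return isset($_POST[$key]) ? (string) $_POST[$key] : '';
}

/**
 * Escapes one user-supplied value for interpolation into a single-quoted SQL
 * string literal in the queries below.
 *
 * Uses the mysql link opened by DatabaseHandler (this script already depends
 * on it for mysql_insert_id()). stripslashes() is applied only when
 * magic_quotes_gpc is on, so a value is never un-escaped twice.
 *
 * @param mixed $value
 * @return string
 */
function escapeForSql($value)
{
    $value = (string) $value;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return mysql_real_escape_string($value);
}

/**
 * Prints the generic failure alert and stops the script.
 */
function failAndExit()
{
    echo "<script>";
    echo "alert('Failed, please try again')";
    echo "</script>";
    die();
}

// Accepted image types, keyed by the MIME type detected from the file's
// actual content (getimagesize), with the extension the stored file will get.
// The client-supplied name and $_FILES['type'] are not used for either
// decision, so a file cannot be saved under an executable extension.
$allowedImageTypes = array(
    'image/gif'      => '.gif',
    'image/jpeg'     => '.jpg',
    'image/png'      => '.png',
    'image/bmp'      => '.bmp',
    'image/x-ms-bmp' => '.bmp',
);

$uploadDir = "../res/upload/";

if (!isset($_FILES["file"]) || !is_array($_FILES["file"])) {
    echo "Invalid file";
}
elseif ($_FILES["file"]["error"] > 0) {
    echo "Return Code: " . (int) $_FILES["file"]["error"] . "<br />";
}
else {
    $tmpName = $_FILES["file"]["tmp_name"];
    // Only inspect a genuine upload; getimagesize() reads the real content.
    $imageInfo = is_uploaded_file($tmpName) ? getimagesize($tmpName) : false;
    $detectedMime = ($imageInfo !== false && isset($imageInfo['mime'])) ? $imageInfo['mime'] : '';

    if (!isset($allowedImageTypes[$detectedMime])) {
        echo "Invalid file";
    }
    elseif (file_exists($uploadDir . $_FILES["file"]["name"])) {
        // Kept from the original flow. The file is actually stored as
        // "<id><ext>" below, so this only compares against the client name.
        // Escaped because the name is attacker-controlled and rendered as HTML.
        echo htmlspecialchars($_FILES["file"]["name"], ENT_QUOTES, 'UTF-8') . " already exists. ";
    }
    else {
        // All upload metadata was only validated client-side; treat it as untrusted.
        $img_ext = $allowedImageTypes[$detectedMime];
        $img_src = "res/upload/";
        $date_upload = date("Y-m-d");

        // Every value interpolated into the query is escaped, not only the username.
        $username_uploader = escapeForSql($session->username);
        $title = escapeForSql(postField('title'));
        $id_keyword = escapeForSql(postField('keyword'));
        $description = escapeForSql(postField('description_content'));
        $date_taken = escapeForSql(postField('date'));
        $id_role = escapeForSql(postField('photo_role'));
        $id_hak_komentar = escapeForSql(postField('hak_comment'));

        $query = "INSERT INTO $database->t_foto (
                    username_uploader,
                    img_src,
                    title,
                    id_keyword,
                    description,
                    date_taken,
                    date_upload,
                    id_role,
                    id_hak_komentar
                ) VALUES (
                    '$username_uploader',
                    '$img_src',
                    '$title',
                    '$id_keyword',
                    '$description',
                    '$date_taken',
                    '$date_upload',
                    '$id_role',
                    '$id_hak_komentar'
                )";

        if (!$database->execQuery($query)) {
            failAndExit();
        }

        $lastid = mysql_insert_id();
        $targetPath = $uploadDir . $lastid . $img_ext;
        // A failed move would otherwise leave a row pointing at a missing file.
        if (!move_uploaded_file($tmpName, $targetPath)) {
            failAndExit();
        }

        $new_img_src = $img_src . $lastid . $img_ext;
        // Same row as the insert above; the id is an integer so it is cast, not quoted.
        $queryupdate = "UPDATE $database->t_foto
                SET img_src = '" . escapeForSql($new_img_src) . "'
                WHERE id = " . (int) $lastid;
        if (!$database->execQuery($queryupdate)) {
            failAndExit();
        }

        header("location:../profile.php?page=photo-detail&photo-id=" . $lastid . $img_ext);
    }
}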
